package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.sap.cloud.sdk.cloudplatform.PlatformSslContextProvider;
import com.sap.cloud.sdk.cloudplatform.exception.CloudPlatformException;
import io.vavr.control.Option;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import lombok.Generated;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/SSLContextFactory.class */
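/**
 * Builds {@link SSLContext} instances for HTTP destinations.
 *
 * <p>Depending on the destination's {@code SecurityConfigurationStrategy}, the context is either
 * obtained from the {@link PlatformSslContextProvider} or assembled here from the destination's
 * TLS version, trust settings and key store.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A destination for which {@code isTrustingAllCertificates()} is true gets a context that
 *       uses {@link TrustAllStrategy}, i.e. server certificates are not validated.</li>
 *   <li>Without a destination trust store, the JDK trust store is read from the file named by
 *       {@code javax.net.ssl.trustStore}, falling back to {@code <java.home>/lib/security/cacerts}.</li>
 *   <li>The trust store password is read from {@code javax.net.ssl.trustStorePassword} and kept
 *       as a {@link String} in a static field for the lifetime of the class.</li>
 * </ul>
 */
class SSLContextFactory {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SSLContextFactory.class);

    // Location and password of the JDK trust store, resolved once at class initialisation from
    // system properties. Later changes to those properties are not picked up.
    private static final KeyStoreMetadata JDK_TRUST_STORE_METADATA = new KeyStoreMetadata(
            (File) Option.of(System.getProperty("javax.net.ssl.trustStore"))
                    .map(File::new)
                    .getOrElse(() -> new File(System.getProperty("java.home"), "/lib/security/cacerts")),
            System.getProperty("javax.net.ssl.trustStorePassword"));

    @Nonnull
    private final PlatformSslContextProvider sslContextProvider;
    private final SSLContextBuilder sslContextBuilder;

    /**
     * File location and optional password of a key store on disk.
     *
     * <p>Decompiler note: the access modifier of this class was private in the compiled class.
     */
    public static final class KeyStoreMetadata {
        private final File filePath;

        // Sensitive: never render this value in logs or exception messages.
        @Nullable
        private final String password;

        /**
         * Returns the key store password wrapped in an {@link Option}; empty when none was given.
         */
        Option<String> getPassword() {
            return Option.of(this.password);
        }

        /**
         * @param file location of the key store file
         * @param str  key store password, or {@code null} if the store has none
         */
        @Generated
        public KeyStoreMetadata(File file, @Nullable String str) {
            this.filePath = file;
            this.password = str;
        }

        /**
         * Returns the location of the key store file.
         */
        @Generated
        public File getFilePath() {
            return this.filePath;
        }

        /**
         * Two instances are equal when both file path and password are equal.
         */
        @Generated
        @Override
        public boolean equals(@Nullable Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof KeyStoreMetadata)) {
                return false;
            }
            KeyStoreMetadata other = (KeyStoreMetadata) obj;
            File ownPath = getFilePath();
            File otherPath = other.getFilePath();
            boolean samePath = ownPath == null ? otherPath == null : ownPath.equals(otherPath);
            if (!samePath) {
                return false;
            }
            // Option.of never returns null, so the Options can be compared directly.
            return getPassword().equals(other.getPassword());
        }

        /**
         * Hash code derived from file path and password, consistent with {@link #equals(Object)}.
         */
        @Generated
        @Override
        public int hashCode() {
            File path = getFilePath();
            int result = 59 + (path == null ? 43 : path.hashCode());
            return (result * 59) + getPassword().hashCode();
        }

        /**
         * Returns a description of this instance with the password value masked.
         *
         * <p>The previous, generated implementation concatenated the clear-text password into the
         * string, so any log statement or exception message that formatted this object would have
         * disclosed the trust store password. Only the presence of a password is shown now.
         */
        @Nonnull
        @Override
        public String toString() {
            return "SSLContextFactory.KeyStoreMetadata(filePath=" + getFilePath()
                    + ", password=" + getPassword().map(ignored -> "<redacted>") + ")";
        }
    }

    /**
     * Creates a factory, substituting defaults for {@code null} arguments.
     *
     * @param sSLContextBuilder          builder to configure; {@code SSLContextBuilder.create()} is used when {@code null}
     * @param platformSslContextProvider platform provider; a new {@code CfPlatformSslContextProvider} is used when {@code null}
     */
    SSLContextFactory(@Nullable SSLContextBuilder sSLContextBuilder, @Nullable PlatformSslContextProvider platformSslContextProvider) {
        this.sslContextBuilder = sSLContextBuilder != null ? sSLContextBuilder : SSLContextBuilder.create();
        this.sslContextProvider = platformSslContextProvider != null ? platformSslContextProvider : new CfPlatformSslContextProvider();
    }

    /**
     * Creates a factory with a default builder and the given platform provider.
     */
    SSLContextFactory(@Nullable PlatformSslContextProvider platformSslContextProvider) {
        this(null, platformSslContextProvider);
    }

    /**
     * Creates a factory with the given builder and the default platform provider.
     */
    SSLContextFactory(@Nonnull SSLContextBuilder sSLContextBuilder) {
        this(sSLContextBuilder, null);
    }

    /**
     * Creates a factory with a default builder and the default platform provider.
     *
     * <p>Decompiler note: the access modifier was package-private in the compiled class.
     */
    public SSLContextFactory() {
        this(null, null);
    }

    /**
     * Creates the SSL context for the given destination.
     *
     * <p>{@code FROM_PLATFORM} delegates to the platform provider; {@code FROM_DESTINATION} and any
     * other strategy build the context from the destination's own properties.
     *
     * <p>Decompiler note: the access modifier was package-private in the compiled class.
     *
     * @param httpDestinationProperties destination whose security configuration is applied
     * @return the SSL context to use for connections to the destination
     * @throws GeneralSecurityException if trust or key material cannot be loaded or the context cannot be built
     * @throws IOException              if the JDK trust store file cannot be read
     */
    @Nonnull
    public SSLContext createSSLContext(@Nonnull HttpDestinationProperties httpDestinationProperties) throws GeneralSecurityException, IOException {
        // Switching on the enum itself replaces the decompiler's synthetic ordinal lookup table;
        // the compiler regenerates that table on its own.
        switch (httpDestinationProperties.getSecurityConfigurationStrategy()) {
            case FROM_PLATFORM:
                return getPlatformSslContext();
            case FROM_DESTINATION:
            default:
                return getSSLContextFromDestination(httpDestinationProperties);
        }
    }

    /**
     * Obtains the SSL context from the platform provider.
     *
     * @throws CloudPlatformException if the provider fails; the provider's failure is kept as cause
     */
    private SSLContext getPlatformSslContext() throws CloudPlatformException {
        return (SSLContext) this.sslContextProvider.tryGetContext()
                .getOrElseThrow(cause -> new CloudPlatformException("Failed to create default SSL context", cause));
    }

    /**
     * Applies TLS version, trust settings and key settings of the destination to the builder and
     * builds the context.
     */
    private SSLContext getSSLContextFromDestination(@Nonnull HttpDestinationProperties httpDestinationProperties) throws GeneralSecurityException, IOException {
        // NOTE(review): the builder is an instance field and is mutated on every call. If one
        // factory instance serves several destinations, trust or key material loaded for an
        // earlier destination (including a trust-all strategy) presumably stays in the builder
        // for later ones. Confirm that callers create a fresh factory per destination.
        setTlsVersion(httpDestinationProperties, this.sslContextBuilder);
        configureTrustSettings(httpDestinationProperties, this.sslContextBuilder);
        configureKeySettings(httpDestinationProperties, this.sslContextBuilder);
        return this.sslContextBuilder.build();
    }

    /**
     * Sets the protocol on the builder when the destination defines a TLS version; otherwise the
     * builder's protocol is left untouched.
     */
    private void setTlsVersion(@Nonnull HttpDestinationProperties httpDestinationProperties, SSLContextBuilder sSLContextBuilder) {
        // NOTE(review): the value is passed to the builder unchecked, so a destination can select
        // any protocol name the JDK still accepts, including legacy ones.
        httpDestinationProperties.getTlsVersion().peek(tlsVersion -> {
            log.debug("Using TLS protocol version \"{}\".", tlsVersion);
            sSLContextBuilder.setProtocol(tlsVersion);
        });
    }

    /**
     * Loads trust material into the builder.
     *
     * <p>Precedence: trust-all if the destination requests it, then the destination's own trust
     * store, then the JDK trust store.
     */
    private void configureTrustSettings(@Nonnull HttpDestinationProperties httpDestinationProperties, @Nonnull SSLContextBuilder sSLContextBuilder) throws GeneralSecurityException, IOException {
        if (httpDestinationProperties.isTrustingAllCertificates()) {
            // Certificate validation is switched off for this context, so the peer is not
            // authenticated. Logged at WARN (previously DEBUG) so the setting is visible in
            // production logs and can be found during review or incident response.
            log.warn("Trusting all certificates: server certificate validation is disabled for this destination.");
            sSLContextBuilder.loadTrustMaterial(TrustAllStrategy.INSTANCE);
            return;
        }
        Option trustStore = httpDestinationProperties.getTrustStore();
        if (trustStore.isDefined()) {
            log.debug("Using trust store of destination.");
            sSLContextBuilder.loadTrustMaterial((KeyStore) trustStore.get(), (TrustStrategy) null);
        } else {
            log.debug("Using JDK default trust store.");
            sSLContextBuilder.loadTrustMaterial(loadTrustStore(JDK_TRUST_STORE_METADATA), (TrustStrategy) null);
        }
    }

    /**
     * Reads a key store of the JVM's default type from the file described by the metadata.
     *
     * @param keyStoreMetadata file location and optional password of the store
     * @return the loaded key store
     * @throws IOException              if the file cannot be resolved or read
     * @throws GeneralSecurityException if the store cannot be instantiated or its content is rejected
     */
    @Nonnull
    private KeyStore loadTrustStore(@Nonnull KeyStoreMetadata keyStoreMetadata) throws IOException, GeneralSecurityException {
        // NOTE(review): only KeyStore.getDefaultType() is used; javax.net.ssl.trustStoreType is
        // not consulted, so a store of a different type may fail to load.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        File canonicalFile = keyStoreMetadata.getFilePath().getCanonicalFile();
        // A null password makes KeyStore.load skip the integrity check of the store.
        char[] password = keyStoreMetadata.getPassword().map(String::toCharArray).getOrNull();
        try (InputStream in = Files.newInputStream(canonicalFile.toPath())) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Loads the destination's key store into the builder, if the destination has one.
     *
     * <p>When no key store password is defined, an empty password is used.
     */
    private void configureKeySettings(@Nonnull HttpDestinationProperties httpDestinationProperties, @Nonnull SSLContextBuilder sSLContextBuilder) throws GeneralSecurityException {
        Option keyStore = httpDestinationProperties.getKeyStore();
        if (!keyStore.isDefined()) {
            return;
        }
        KeyStore destinationKeyStore = (KeyStore) keyStore.get();
        if (log.isDebugEnabled()) {
            // Only alias names are logged, never key material or the password.
            log.debug("Using key store of destination with aliases: {}", Collections.list(destinationKeyStore.aliases()));
        }
        char[] keyStorePassword = (char[]) httpDestinationProperties.getKeyStorePassword()
                .map(pw -> pw.toCharArray())
                .onEmpty(() -> log.debug("Using key store without password."))
                .getOrElse(() -> new char[0]);
        sSLContextBuilder.loadKeyMaterial(destinationKeyStore, keyStorePassword);
    }
}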
